While working with encrypted querystrings in ASP.NET I noticed people doing this:
string strValues = "search term"; string strURL = "http://mysite.com?search=" + encryptQueryString(strValues); Response.Redirect(strURL);
string strScramble = Request.QueryString["search"];
string strdeCrypt = decryptQueryString(strScramble.Replace(" ", "+"));
The “strScramble.Replace(” “, “+”)” is a scary way to get around the request.querystring automatically changing the “+” into a space. A better way is to use System.Uri.EscapeDataString before adding the querystring value. Then HttpUtility.UrlDecode works as expected returning the “+”.
According to this blog on MSDN (http://blogs.msdn.com/yangxind/default.aspx), when encoding the URL use “System.Uri.EscapeDataString”, when decoding the URL use “ HttpUtility.UrlDecode“.
Example using Uri.EscapeDataString and taking out replace:
string strValues = "search term"; string strURL = "http://mysite.com?search=" + encryptQueryString(Uri.EscapeDataString(strValues)); Response.Redirect(strURL);
string strScramble = Request.QueryString["search"]; string strdeCrypt = decryptQueryString(strScramble);
NET encoding methods
|
Characters |
HttpUtility.UrlEncode |
System.Uri.EscapeDataString |
System.Uri.EscapeUriString |
|
& |
%26 |
%26 |
& |
|
$ |
%24 |
%24 |
$ |
|
+ |
%2b |
%2B |
+ |
|
Space |
+ |
%20 |
%20 |
|
% |
%25 |
%25 |
%25 |
|
< |
%3c |
%3C |
%3C |
There are two decoding methods in .NET
|
Encoded Characters |
HttpUtility.UrlDecode |
System.Uri.UnescapeDataString |
|
%26 |
& |
& |
|
%24 |
$ |
$ |
|
%2b |
+ |
+ |
|
%20 |
Space |
Space |
|
+ |
Space |
+ |
|
%25 |
% |
% |
|
%3c |
< |
< |
Leave a Reply